Security Center

You've worked hard to build your business.

We're committed to helping you protect it.

Our team works diligently to safeguard your BILL account with industry-accepted best practices, including advanced security tools, training on the latest policies and procedures, and continuous monitoring.

hero

Report suspicious activity

Notice something fishy with your BILL account, or believe your information has been compromised?

Let us know

Report phishing scams

Receive a suspicious email from someone claiming to represent BILL?

  • Don't reply to it
  • Don't click on any links
  • Don't open any attachments

Forward the email immediately to phishreport@hq.bill.com

Stay on guard

BILL is designed with your privacy and security in mind. We are committed to keep your information safe—but we need your help, too.

Listed below in BILL Protections and Security Measures, you can find various levels of controls we have in place to help guard your money and sensitive information.

You can also read various best practices, tips, and resources to help keep your account, data, and identity safe under Securing your accounts and transactions, and Protecting your devices and email accounts.

We're enhancing our security with you in mind.

Application Protections

BILL helps protect against unauthorized access to your account by:

  • Enforcing a strong password policy
  • Applying 2-Factor Authentication
  • Sending login data over a secure channel
  • Automatically logging out customers after a period of inactivity
  • Educating our customers on the risks of business email compromise schemes
  • Enforce separation of duties with role-based access that lets you control who can enter, approve, and pay bills.
  • Automatically keep a record of all AP activity with a timestamped audit trail that cannot be altered, including original bills, review notes, approvals, payments, and remittance details for each transaction; then easily access that documentation for internal, vendor, and auditor inquiries.

Payment Protections

  • Reduce risks from check theft by paying vendors with digital payments or checks that are sent by BILL on your behalf, rather than keeping blank check stock on your premises and exposing your bank information on checks you send.
  • BILL applies Positive Pay to reduce the risk of check fraud; the bank matches the check issued with the check presented for payment.
  • Keep your bank account information private from vendors by making digital payments through the BILL account.

Network Protections

  • BILL uses security software, intrusion detection and prevention appliances, and network monitoring technology to detect and prevent unauthorized electronic access to our servers.

Data Protections

  • BILL applies an additional level of encryption to protect access to sensitive customer data from malicious applications.
  • We use Transport Layer Security (TLS) and industry standard cipher suites to protect customer data during transit over the internet.
  • BILL replicates production data from the primary site to the co-location facility for disaster recovery scenarios.

Physical Protections

  • BILL servers and network infrastructure are hosted at secure data center facilities managed by leading certified data center providers.
  • All our employees undergo background checks and data security and privacy training.
  • We have a formal vendor management program to manage third-party risks.

Compliance Protections

  • BILL undergoes an annual SOC 1 and SOC 2 Type II Audit by a leading national CPA Firm.
  • BILL partners with a PCI certified vendor for credit card payments.
  • We have adopted an Anti-Money Laundering (AML)/Office of Foreign Assets Control (OFAC) Program, which is designed to prevent the BILL Service from being used for purposes of money laundering, terrorist financing, violating or subverting OFAC sanctions, or for other illegal purposes.

Responsible Disclosure Program

We take security seriously at BILL and are deeply appreciative of the role that security researchers play in improving the security posture of our product and platform.

We partner with BugCrowd to facilitate responsible disclosure of any security issues impacting BILL services. Please send us a summary email if you believe you have discovered a security vulnerability that you would like to report to us.